AMENDMENTS IN THE CLAIMS 



1. (currently amended) A method for providing secure access to console functions of a 
computer system comprising: 

initiating a first EKE sequence between a console device and a network-accessible 
system to authenticate the console device as being authorized to connect to the network-accessible 
system to allow user access to the network-accessible system, wherein the first EKE 
sequence includes checking whether [[to generate]] a device shared secret generated during a 
previous access of the console device with the network-accessible system matches [[utilizing a 
default device identifier]] and an associated shared secret stored on the network-accessible [[a]] 
system [[attached device from]] to which a console operation is desired enabled; 

when the device shared secret matches the associated shared secret, initiating a second 
EKE sequence between the console device and the network-accessible system to authenticate a 
userID and password of the user of the console device; and 

preventing access to the network-accessible system when either the first EKE sequence or 
the second EKE sequence fails to authenticate, wherein a dual authentication procedure is 
implemented before any access is permitted by a user to the network-accessible system. 

[[generating said device shared secret from said first EKE sequence, wherein said device 
shared secret is utilized in place of said default device shared secret in subsequent console 
authentication procedures; and]] 

[[storing said device shared secret within a storage location of said system and on said 
system attached device.]] 
2. (currently amended) The method of Claim 1, further comprising: 

generating the device shared secret via an initial EKE sequence utilizing a default device 
identifier and associated default shared secret during an initial setup of the console device for 
connecting to the network-accessible system, wherein said device shared secret is utilized in 
place of said default device shared secret in subsequent console authentication procedures; and 

storing said device shared secret within a secure storage location of said network- 
accessible system; and 

passing a copy of the device shared secret to the console device for secure storage 
therein, wherein said device shared secret is stored in a [[protected manner]] secure location on said 
[[system attached]] console device and utilized along with a device ID of the console device during 
each subsequent connection of said [[system attached]] console device to said network-accessible 
system. 

3. (currently amended) The method of Claim [[2]] 1, further comprising encrypting and 
decrypting a console operator's authentication data flowing between said [[system attached]] 
console device and said network-accessible system utilizing a value selected from among said 
shared secret and a hash of said shared secret. 

4. (currently amended) The method of Claim [[2]] 1, [[method]] further comprising encrypting 
and decrypting subsequent session [[operator authentication]] data flowing between said [[system 
attached]] console device and said network-accessible system utilizing a value selected from 
among a second secret generated by the second EKE sequence or a hash of said [[shared]] second 
secret. 
5. (currently amended) The method of Claim 2, further comprising: 

responsive to an establishment of a first console session that authenticates said [[system 
attached]] console device, instantiating a second EKE sequence to authenticate a console operator 
utilizing a default user identifier and password; 

enabling an update of the default user identifier and password to a new user identifier and 
password; and 

storing said new user identifier and password in a [[protected area]] of said secure storage 
location of said network-accessible system only, wherein said new user identifier and password 
are not stored on the console device. 

6. (currently amended) The method of Claim 5, further comprising: 

enabling a setup of multiple device identifiers and authorization levels for other [[system 
attached]] devices to act as console devices; and 

storing said multiple device identifiers and authorization levels in said secure storage 
location; wherein said setup and storing of device identifiers and authorization levels are 
completed by an administrator of the network-accessible system; and 

enabling multiple console sessions for different systems on a single console device. 

7. (currently amended) The method of Claim 5, further comprising: 

enabling a setup of multiple operator user identifiers and associated passwords and 
authorization levels for other console operators to access console functions of the system; and 

storing said multiple operator user identifiers and associated passwords and authorization 
levels in said secure storage location; 

wherein said setup and storing of operator user identifiers, associated passwords and 
authorization levels are completed by an administrator of the network-accessible system. 
8. (currently amended) The method of Claim [[5]] 2, wherein said passing a copy of the 
device shared secret further [[comprising]] comprises one or more of: 

when the console device includes an embedded smart chip, storing the copy of the device 
shared secret within the embedded smart chip, wherein the device shared secret is encrypted and 
maintained in a physically secure storage; and 

storing the copy of the device shared secret in encrypted format within the secure 
memory region of the console device, wherein said encrypted format utilizes a key generated 
from an operator-specified password [[enabling multiple console sessions for different systems on 
a single console device]]. 

9. (currently amended) A system for providing secure access to console functions of a 
computer system comprising logic for: 

initiating a first EKE sequence between a console device and a network-accessible 
system to authenticate the console device as being authorized to connect to the network- 
accessible system to allow user access to the network-accessible system, wherein the first EKE 
sequence includes checking whether [[to generate]] a device shared secret generated during a set-up 
of the console device with the network-accessible system matches [[utilizing a default device 
identifier]] and an associated shared secret stored on the network-accessible [[a]] system [[attached 
device from]] to which a console operation is desired enabled; 

when the device shared secret matches the associated shared secret, initiating a second 
EKE sequence between the console device and the network-accessible system to authenticate a 
userID and password of the user of the console device; and 

preventing access to the network-accessible system when either the first EKE sequence or 
the second EKE sequence fails to authenticate, wherein a dual authentication procedure is 
implemented before any access is permitted by a user to the network-accessible system 

[[generating said device shared secret from said first EKE sequence, wherein said device 
shared secret is utilized in place of said default device shared secret in subsequent console 
authentication procedures; and]] 

[[storing said device shared secret within a storage location of said system and on said 
system attached device.]] 
10. (currently amended) The system of Claim 9, further comprising logic for: 

generating the device shared secret via an initial EKE sequence utilizing a default device 
identifier and associated default shared secret during an initial setup of the console device for 
connecting to the network-accessible system, wherein said device shared secret is utilized in 
place of said default device shared secret in subsequent console authentication procedures; and 

storing said device shared secret within a secure storage location of said network- 
accessible system; and 

passing a copy of the device shared secret to the console device for secure storage 
therein, wherein said device shared secret is stored in a [[protected manner]] secure location on said 
[[system attached]] console device and utilized along with a device ID of the console device during 
each subsequent connection of said [[system attached]] console device to said network-accessible 
system. 

11. (currently amended) The system of Claim 10, further comprising logic for encrypting 
and decrypting a console operator's authentication data flowing between said [[system attached]] 
console device and said network-accessible system utilizing a value selected from among said 
shared secret and a hash of said shared secret. 

12. (currently amended) The system of Claim 10, [[method]] further comprising logic for 
encrypting and decrypting subsequent session [[operator authentication]] data flowing between said 
[[system attached]] console device and said network-accessible system utilizing a value selected 
from among a second secret generated by the second EKE sequence or a hash of said [[shared]] 
second secret. 
13. (currently amended) The system of Claim 10, further comprising logic for: 

responsive to an establishment of a first console session that authenticates said [[system attached]] 
console device, instantiating a second EKE sequence to authenticate a console operator utilizing 
a default user identifier and password; 

enabling an update of the default user identifier and password to a new user identifier and 
password; and 

storing said new user identifier and password in a [[protected area]] of said secure storage 
location of said network-accessible system only, wherein said new user identifier and password 
are not stored on the console device. 

14. (currently amended) The system of Claim 13, further comprising logic for: 

enabling a setup of multiple device identifiers and authorization levels for other [[system 
attached]] devices to act as console devices; and 

storing said multiple device identifiers and authorization levels in said secure storage 
location; wherein said setup and storing of device identifiers and authorization levels are 
completed by an administrator of the network-accessible system; and 

enabling multiple console sessions for different systems on a single console device. 

15. (currently amended) The system of Claim 13, further comprising logic for: 

enabling a setup of multiple operator user identifiers and associated passwords and 
authorization levels for other console operators to access console functions of the system; and 

storing said multiple operator user identifiers and associated passwords and authorization 
levels in said secure storage location; 

wherein said setup and storing of operator user identifiers, associated passwords and 
authorization levels are completed by an administrator of the network-accessible system. 
16. (currently amended) The system of Claim [[13]] 10, wherein said logic for passing a 
copy of the device shared secret further [[comprising]] comprises logic for one of: 

when the console device includes an embedded smart chip, storing the copy of the device 
shared secret within the embedded smart chip, wherein the device shared secret is encrypted and 
maintained in a physically secure storage; and 

storing the copy of the device shared secret in encrypted format within the secure 
memory region of the console device, wherein said encrypted format utilizes a key generated 
from an operator-specified password [[enabling multiple console sessions for different systems on 
a single console device]]. 
17. (currently amended) A computer program product comprising: 
a computer readable medium; and 

program code on said computer readable medium for providing secure access to console 
functions of a computer system by: 

initiating a first EKE sequence between a console device and a network- 
accessible system to authenticate the console device as being authorized to connect to the 
network-accessible system to allow user access to the network-accessible system, 
wherein the initiating of a first EKE sequence includes checking whether [[to generate]] a 
device shared secret generated during a previous access of the console device with the 
network-accessible system matches [[utilizing a default device identifier]] and an associated 
shared secret stored on the network-accessible [[a]] system [[attached device from]] to 
which a console operation is desired enabled; 

when the device shared secret matches the associated shared secret, initiating a 
second EKE sequence between the console device and the network-accessible system to 
authenticate a userID and password of the user of the console device; and 

preventing access to the network-accessible system when either the first EKE 
sequence or the second EKE sequence fails to authenticate, wherein a dual authentication 
procedure is implemented before any access is permitted by a user to the network- 
accessible system 

[[generating said device shared secret from said first EKE sequence, wherein said 
device shared secret is utilized in place of said default device shared secret in subsequent 
console authentication procedures; and]] 

[[storing said device shared secret within a storage location of said system and on 
said system attached device.]] 
18. (currently amended) The computer program product of Claim 17, further comprising: 

generating the device shared secret via an initial EKE sequence utilizing a default device 
identifier and associated default shared secret during an initial setup of the console device for 
connecting to the network-accessible system, wherein said device shared secret is utilized in 
place of said default device shared secret in subsequent console authentication procedures; and 

storing said device shared secret within a secure storage location of said network- 
accessible system; and 

passing a copy of the device shared secret to the console device for secure storage therein, 
wherein said device shared secret is stored in a [[protected manner]] secure location on said [[system 
attached]] console device and utilized along with a device ID of the console device during each 
subsequent connection of said [[system attached]] console device to said network-accessible system. 

19. (currently amended) The computer program product of Claim 18, further comprising 
program code for encrypting and decrypting a console operator's authentication data flowing 
between said [[system attached]] console device and said network-accessible system utilizing a 
value selected from among said shared secret and a hash of said shared secret. 

20. (currently amended) The computer program product of Claim 18, further comprising 
program code for encrypting and decrypting subsequent session [[operator authentication]] data 
flowing between said [[system attached]] console device and said network-accessible system 
utilizing a value selected from among a second secret generated by the second EKE sequence or 
a hash of said [[shared]] second secret. 
21. (currently amended) The computer program product of Claim 18, further comprising 
program code for: 

responsive to an establishment of a first console session that authenticates said [[system 
attached]] console device, instantiating a second EKE sequence to authenticate a console operator 
utilizing a default user identifier and password; 

enabling an update of the default user identifier and password to a new user identifier and 
password; and 

storing said new user identifier and password in a [[protected area]] of said secure storage 
location of said network-accessible system only, wherein said new user identifier and password 
are not stored on the console device. 

22. (currently amended) The computer program product of Claim 21, further comprising 
program code for: 

enabling a setup of multiple device identifiers and authorization levels for other [[system 
attached]] devices to act as console devices; and 

storing said multiple device identifiers and authorization levels in said secure storage 
location; wherein said setup and storing of device identifiers and authorization levels are 
completed by an administrator of the network-accessible system; and 

enabling multiple console sessions for different systems on a single console device. 

23. (currently amended) The computer program product of Claim 21, further comprising 
program code for: 

enabling a setup of multiple operator user identifiers and associated passwords and 
authorization levels for other console operators to access console functions of the system; and 

storing said multiple operator user identifiers and associated passwords and authorization 
levels in said secure storage location; 

wherein said setup and storing of operator user identifiers, associated passwords and 
authorization levels are completed by an administrator of the network-accessible system. 
24. (currently amended) The computer program product of Claim 21, wherein said [[further 
comprising]] program code for passing a copy of the device shared secret comprises code for one 
of: 

when the console device includes an embedded smart chip, storing the copy of the device 
shared secret within the embedded smart chip, wherein the device shared secret is encrypted and 
maintained in a physically secure storage; and 

storing the copy of the device shared secret in encrypted format within the secure 
memory region of the console device, wherein said encrypted format utilizes a key generated 
from an operator-specified password [[enabling multiple console sessions for different systems on 
a single console device]]. 

25. (currently amended) A method of signing in authenticated users to a console function of 
a system, comprising: 

determining via a first EKE sequence whether a device identifier and associated shared 
secret of a system-attached device matches a stored device identifier and associated shared secret 
on said system; 

responsive to both ends having identical shared secrets, [[receiving a user entered identifier 
and password;]] 

[[responsive to said receiving,]] initiating a second EKE sequence to determine whether 
[[said]] a user-entered identifier and password matches a user identifier and password 
combination stored on a storage location of said system; 

encrypting data transmitted during said second EKE sequence utilizing a shared secret 
generated during said first EKE sequence; and 

granting said user access to console functions of the system only when said second EKE 
sequence is successful, wherein no access is granted until both authentication processes of the 
first and second EKE sequences are successful. 

ROC920000258US1 

26. (currently amended) The method of Claim 25, further comprising [[encrypting data 
transmitted during said second EKE sequence utilizing a shared secret generated during said first 
EKE sequence]] subsequently generating a new device shared secret key following each successful 
first EKE sequence and passing the new device shared secret key to the console device for use in 
a next first EKE sequence, wherein the device shared secret is updated each time a session is 
established between the console device and the network environment. 

27. (currently amended) A method for secure authentication of a system console device 
within a network environment, comprising: 

establishing a first console session from an authentication device, wherein a default 
device identifier is utilized to initiate an EKE sequence between a network-attached console 
device and a.. 

generating a shared secret key via an EKE sequence utilized to establish said first console 
session; and 

subsequently authenticating a console operator via a second EKE sequence, wherein said 
shared secret key is utilized to encrypt data of an authentication process for said console operator 
attempting to utilize said console operation; and 

subsequently generating a new device shared secret key following each successful first 
EKE sequence and passing the new device shared secret key to the console device for use in a 
next first EKE sequence, wherein the device shared secret is updated each time a session is 
established between the console device and the network environment. 
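The dual authentication flow that claims 1, 2, 25 and 27 describe, as an added example that is not code from the patent or its assignee: a first sequence checks the device shared secret, a second sequence checks the operator's user ID and password under a key derived from the first, access is granted only when both succeed, and the device secret is rotated after each successful first sequence and kept on both ends. The EKE sequences themselves are replaced by an HMAC challenge-response and an HMAC-keystream cipher (an assumption made for illustration, not an EKE implementation), and all class, method and identifier names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _kdf(key: bytes, label: bytes) -> bytes:
    # Stand-in key derivation (assumption): HMAC-SHA256 keyed with the shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the second sequence: XOR with an HMAC-derived keystream.
    ks = b""
    while len(ks) < len(data):
        ks += _kdf(key, b"ks|" + nonce + len(ks).to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, ks))


class NetworkSystem:
    """Network-accessible system holding the secure storage location (hypothetical)."""
    def __init__(self):
        self.device_secrets = {}  # device_id -> current device shared secret
        self.user_verifiers = {}  # user_id -> (salt, PBKDF2 hash); never sent to a device
        self.events = []          # audit trail of authentication outcomes

    def provision_device(self, device_id: str) -> bytes:
        # Initial setup: a generated secret replaces the default; the copy goes to the device.
        self.device_secrets[device_id] = secrets.token_bytes(32)
        return self.device_secrets[device_id]

    def provision_user(self, user_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        self.user_verifiers[user_id] = (salt, digest)

    def first_sequence(self, device_id: str, nonce: bytes, proof: bytes):
        # First sequence (modelled): the device proves knowledge of its shared secret.
        stored = self.device_secrets.get(device_id)
        if stored is None or not hmac.compare_digest(proof, _kdf(stored, b"dev|" + nonce)):
            self.events.append(("device-auth-fail", device_id))
            return None
        # Rotate the device secret for the next first sequence; the device derives the same.
        self.device_secrets[device_id] = _kdf(stored, b"rotate|" + nonce)
        return _kdf(stored, b"session|" + nonce)

    def second_sequence(self, key: bytes, nonce: bytes, user_id: str, ct: bytes) -> bool:
        # Second sequence (modelled): the password travels encrypted under the stage-1 key.
        entry = self.user_verifiers.get(user_id)
        pw = _xor_stream(key, nonce, ct)
        ok = entry is not None and hmac.compare_digest(
            entry[1], hashlib.pbkdf2_hmac("sha256", pw, entry[0], 50_000))
        self.events.append(("user-auth-ok" if ok else "user-auth-fail", user_id))
        return ok


class ConsoleDevice:
    """Console device holding its device ID and its copy of the shared secret (hypothetical)."""
    def __init__(self, device_id: str, secret_copy: bytes):
        self.device_id, self.secret = device_id, secret_copy

    def sign_in(self, system: NetworkSystem, user_id: str, password: str) -> bool:
        nonce = secrets.token_bytes(16)
        key = system.first_sequence(self.device_id, nonce, _kdf(self.secret, b"dev|" + nonce))
        if key is None:
            return False  # first sequence failed: the second is never attempted
        self.secret = _kdf(self.secret, b"rotate|" + nonce)  # keep the rotated copy
        return system.second_sequence(key, nonce, user_id, _xor_stream(key, nonce, password.encode()))
```

Because both ends derive the rotated secret from the previous one and the session nonce, a copy of an older device secret stops working after the next successful session, which is the property claims 26 and 27 rely on.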